MetaMask is one of the most popular wallets in the cryptocurrency world. It is a hot wallet, that is, one connected to the internet. It is also non-custodial, which means that users are solely responsible for the safety of their tokens and hold their own private keys. Consequently, when creating a wallet, users record a mnemonic phrase, the so-called seed phrase, which in this case consists of 12 words.

MetaMask already came under the spotlight of crypto enthusiasts in the spring, and not for the best of reasons. At that time the platform’s developers accidentally blocked users from Venezuela. This was possible because the wallet uses Infura’s node. Read more about the story in a separate article.

How cryptocurrencies are lost

Instructions for disabling iCloud backups were posted from MetaMask’s official Twitter account.

You can disable iCloud backup for MetaMask as follows: Settings > Profile > iCloud > Manage Storage > Backups.

According to Decrypt’s sources, before the announcement a Twitter user going by the name Domenic Iacovone shared details of how his MetaMask cryptocurrency wallet was hacked. Here is his account of what happened.

Got a call from Apple – yes, from Apple, that’s what showed up on my screen. Called back as I suspected fraud. I ended up believing the scammers; they asked for a code, which was sent to my phone. A couple of seconds later, all the funds from my MetaMask wallet disappeared.

In other words, the scammers used a unique combination to access my Apple ID account. This required entering a code, which is displayed on another device that already has access to the account.

Stolen tokens

According to the victim, his wallet held NFTs from the Mutant Ape Yacht Club series: MAYC 28478, MAYC 8952 and MAYC 7536. In addition to them, Domenic Iacovone also lost ApeCoin totaling over $100,000. The crypto enthusiast is now offering a $100,000 reward to anyone who helps him recover the lost funds.


We checked the current data: today the Mutant Ape Yacht Club collection ranks third among the most expensive collections. The minimum price of an item in the series is 30 ether, i.e. the equivalent of $93,000 at the current exchange rate. Since the victim lost three of these tokens, his losses amount to hundreds of thousands of dollars.


Another cryptocurrency user explained how the scammers’ attack worked in a separate Twitter thread.

MetaMask actually saves a seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. By obtaining the two-factor authentication code, they were able to gain control of the Apple ID and access to iCloud, which gave them a path to the funds on the victim’s MetaMask.


In the end, the scheme came down to stealing the password needed to bypass two-factor authentication. After that, the victim could no longer influence what happened.

If you also use an iOS device and the MetaMask crypto wallet, we recommend disabling the backup as described above. Also, never trust suspicious people or calls, and don’t download files from unknown sources. Remember, the security of your cryptocurrencies depends first and foremost on you. As long as you don’t reveal your identity to strangers or download suspicious files, your coins will be safe.


Note that keeping a large amount of cryptocurrency in a hot wallet is not a good idea. Because it is connected to the internet, it is vulnerable. We therefore recommend getting a hardware wallet and storing coins there.

Ledger devices, for example, keep the private key offline, putting it beyond the reach of hackers. In this situation, moreover, it would not have been possible to carry out a transaction without physically confirming it on the hardware wallet, and that would have saved both the NFTs and the regular coins.



We believe this was an extremely frustrating and unnecessary case of cryptocurrency loss. Essentially, the investor only needed to not trust outsiders and not share secret combinations such as passwords with anyone. Although the main reason for the loss was technical, the user's refusal to interact with the hackers over the phone would have saved the money, as would the use of a hardware wallet. It is therefore advisable to ignore calls from strangers and requests to disclose passwords.
